/*
 * SimpleAuthenticator.java
 *
 * Created on 14 luty 2007, 23:35
 *
 */

package arocms.security;

import org.apache.log4j.Logger;
import arocms.security.SimpleRole.Roles;

/**
 * Fields are initalized by SecurityServiceFactory according to their 
 * description in arocms.cfg.xml
 *
 * @author arek
 */
public class SimpleAuthenticator implements SecurityService{
    
    /**
     * Administrator's username.
     */
    public String username;
    
    /**
     * Administrator's password.
     */
    public String password;
    
    /**
     * Curently not used.
     */
    public String role;
    
    private static Logger log = Logger.getLogger(SimpleAuthenticator.class);
    
    /** Creates a new instance of SimpleAuthenticator */
    public SimpleAuthenticator() {
    }

    public Role authenticate(String username, String password) {
        log.debug("username: " + this.username + " ? " + username);
        log.debug("password: " + this.password + " ? " + password);
        SimpleRole retVal = new SimpleRole();
        if (this.username.equals(username) && this.password.equals(password)) {
            retVal.setActualRole(Roles.ADMIN);
        }
        return retVal;
    }

    public Permission checkAccess(String resourceName, Role role) {
        if (role==null) role = new SimpleRole();
        SimpleRole ro = (SimpleRole) role;
        
        Permission retVal= Permission.DENIED;
        
        if (ro.getActualRole()==Roles.ADMIN) retVal = Permission.ALLOWED;
        if (ro.getActualRole()==Roles.USER || ro.getActualRole()==Roles.PUBLIC) {
            //further security checks
            if (resourceName.startsWith("/admin")) retVal = Permission.DENIED;
            else retVal = Permission.ALLOWED;
        }
        log.info("Security constraints to \"" + resourceName +  "\" for user with role " + ro.getActualRole() + " is " + retVal);
        
        return retVal;
    }

    public void configure() {
    }
    
}
